Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Vulnerability Management

CVE explained: how vulnerabilities get identified and scored

A CVE ID and its CVSS score come from different organizations entirely. Here's how identification and severity scoring actually work, using Log4Shell and the 2024 NVD backlog as examples.

May 27, 20267 min read
Application Security

Go security cheat sheet for developers

A practical Go security cheat sheet: the real vulnerability classes, must-patch stdlib CVEs, and dependency scanning tactics developers need to know.

May 27, 20267 min read
Vulnerability Management

CVSS scoring explained, and where severity scores go wrong

CVSS score explained through a real case where CVSS, EPSS, and KEV disagreed, showing why severity alone misleads prioritization decisions.

May 27, 20268 min read
Open Source Security

Best Software Composition Analysis tools/services ranked ...

We compare Safeguard and Mend.io on verifiable SCA dimensions — company history, Renovate, SBOM depth, and build provenance — for buyers evaluating tools in 2026.

May 27, 20268 min read
Application Security

10 React security best practices

Real CVEs, real npm supply chain hijacks, and the concrete React practices — from CSP to token storage — that actually stop them.

May 26, 20268 min read
SBOM

Best SBOM tools for automating bill-of-materials generation

A practical look at the best SBOM tools for 2026, comparing how Safeguard and Mend.io generate, format, and continuously update software bills of materials.

May 26, 20267 min read
Application Security

Comparing React and Angular secure coding practices

React auto-escapes JSX but not URLs; Angular sanitizes by context but allows explicit bypasses. Here's where each framework's XSS defenses actually stop.

May 26, 20269 min read
Container Security

Top container security tools to evaluate

Comparing Safeguard and Mend.io on the dimensions that actually matter for container security: scanning engine transparency, air-gapped support, registry coverage, and product origin.

May 25, 20268 min read
Application Security

Securing Next.js applications and middleware

CVE-2025-29927 let attackers bypass Next.js middleware auth with one header. Here's how that and three other real CVEs expose middleware, Server Actions, and caching.

May 24, 20267 min read
Buyer's Guides

Mend.io alternatives for SCA/AppSec buyers

A concrete look at Mend.io alternatives for SCA and AppSec buyers, comparing policy enforcement, SBOM generation, and build integrity against Safeguard's unified platform.

May 24, 20268 min read
Vulnerability Analysis

CVE-2025-29927: Next.js middleware authorization bypass

A spoofable internal header let attackers skip Next.js middleware outright, bypassing auth and route protection across many production deployments.

May 24, 20267 min read
Open Source Security

Open source vulnerability management workflow (detect, pr...

A concrete look at the detect-prioritize-remediate workflow for open source vulnerability management, where Mend.io's SCA approach falls short, and how Safeguard closes the gap.

May 24, 20267 min read
supply-chain-security (Page 29) — Safeguard Blog